syzbot

 sign-in | mailing list | source | docs
🐞 Open [142]
🐞 Fixed [16]
🐞 Invalid [163]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in get_work_pool

Status: public: reported C repro on 2019/04/11 08:44
Reported-by: syzbot+4a232c03a912af0f3b7b@syzkaller.appspotmail.com
First crash: 2449d, last: 2280d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 general protection fault in get_work_pool 1 1475d 1475d 0/1 auto-closed as invalid on 2021/03/07 04:54
android-414 general protection fault in get_work_pool 4 2100d 2048d 0/1 auto-closed as invalid on 2019/08/20 09:55
upstream general protection fault in get_work_pool net C done 24 2052d 2455d 13/28 fixed on 2019/11/03 21:23
linux-4.14 general protection fault in get_work_pool C done 1 1441d 1472d 1/1 fixed on 2021/01/09 22:02
upstream general protection fault in get_work_pool (2) kvm 5 156d 156d 0/28 closed as invalid on 2024/08/16 18:24
android-49 general protection fault in get_work_pool C 24 2140d 2049d 0/3 public: reported C repro on 2019/04/13 00:00

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 2478 Comm: syz-executor596 Not tainted 4.4.150-g5541782 #83
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d9440000 task.stack: ffff8801d7a18000
RIP: 0010:[<ffffffff8117c4ab>]  [<ffffffff8117c4ab>] get_work_pool+0xfb/0x1e0 kernel/workqueue.c:724
RSP: 0018:ffff8801d7a1f478  EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 00000000fffffe00 RCX: 0000000000000000
RDX: 000000001fffffc0 RSI: ffffffff8117c493 RDI: 0000000000000046
RBP: ffff8801d7a1f490 R08: 0000000000000092 R09: 0000000000000001
R10: 0000000000000000 R11: ffff8801d9440000 R12: 0000000000000000
R13: ffff8801d991e000 R14: ffff8801db223c00 R15: ffff8800ac9d1638
FS:  0000000000e0e880(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000415020 CR3: 00000001d3b62000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 dffffc0000000000 0000000000000000 ffff8801d991e000 ffff8801d7a1f510
 ffffffff8117f166 ffff8801d94408d8 0000000600000007 ffff8801d991e188
 0000000000000010 ffff8801d991e180 0000000000023c00 ffffed003b323c31
Call Trace:
 [<ffffffff8117f166>] __queue_work+0x146/0xea0 kernel/workqueue.c:1375
 [<ffffffff81180a6b>] queue_work_on+0x4b/0xb0 kernel/workqueue.c:1458
 [<ffffffff833d1251>] queue_work include/linux/workqueue.h:475 [inline]
 [<ffffffff833d1251>] schedule_work include/linux/workqueue.h:533 [inline]
 [<ffffffff833d1251>] xfrm_policy_insert+0xa41/0xed0 net/xfrm/xfrm_policy.c:813
 [<ffffffff83402bf8>] xfrm_add_policy+0x248/0x500 net/xfrm/xfrm_user.c:1561
 [<ffffffff833ff336>] xfrm_user_rcv_msg+0x3d6/0x6c0 net/xfrm/xfrm_user.c:2544
 [<ffffffff830c2135>] netlink_rcv_skb+0x145/0x370 net/netlink/af_netlink.c:2361
 [<ffffffff833fbeef>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2552
 [<ffffffff830c0ce9>] netlink_unicast_kernel net/netlink/af_netlink.c:1277 [inline]
 [<ffffffff830c0ce9>] netlink_unicast+0x4e9/0x700 net/netlink/af_netlink.c:1303
 [<ffffffff830c1695>] netlink_sendmsg+0x795/0xc30 net/netlink/af_netlink.c:1859
 [<ffffffff82f25d2c>] sock_sendmsg_nosec net/socket.c:626 [inline]
 [<ffffffff82f25d2c>] sock_sendmsg+0xcc/0x110 net/socket.c:636
 [<ffffffff82f277f5>] ___sys_sendmsg+0x745/0x880 net/socket.c:1963
 [<ffffffff82f29896>] __sys_sendmsg+0xd6/0x190 net/socket.c:1997
 [<ffffffff82f2997d>] SYSC_sendmsg net/socket.c:2008 [inline]
 [<ffffffff82f2997d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2004
 [<ffffffff838cb0a5>] entry_SYSCALL_64_fastpath+0x22/0x9e
Code: 5c 80 1d 00 48 89 d8 5b 41 5c 41 5d 5d c3 e8 4d 80 1d 00 48 81 e3 00 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c2 00 00 00 48 8b 1b e8 23 80 1d 00 48 89 d8 
RIP  [<ffffffff8117c4ab>] get_work_pool+0xfb/0x1e0 kernel/workqueue.c:724
 RSP <ffff8801d7a1f478>
---[ end trace 4ed6c42e14e11fa0 ]---

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/08/20 21:52 https://android.googlesource.com/kernel/common android-4.4 5541782ce2bb 95b5c82b .config console log report syz C ci-android-44-kasan-gce
2018/08/25 04:04 https://android.googlesource.com/kernel/common android-4.4 e15716b49f04 9b0f5c75 .config console log report ci-android-44-kasan-gce
2018/05/18 07:20 https://android.googlesource.com/kernel/common android-4.4 46155cc7bd1b 738d58ad .config console log report ci-android-44-kasan-gce
2018/03/16 10:20 https://android.googlesource.com/kernel/common android-4.4 d63fdf61a4dc 08dacaa0 .config console log report ci-android-44-kasan-gce
2018/03/09 06:15 https://android.googlesource.com/kernel/common android-4.4 d63fdf61a4dc 36d1c454 .config console log report ci-android-44-kasan-gce
* Struck through repros no longer work on HEAD.